package run.newbug.Pro2.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.web.bind.annotation.*;

@RestController
public class ResourceController {

    @PreAuthorize("hasRole('admin')")
    @RequestMapping("/doAdd")
    public String deAdd(){
        return "add resource";
    }

    @PreAuthorize("hasAuthority('sys:res:delete')")
    @RequestMapping("/doDelete")
    public String doDelete(){
        return "update resource";
    }

    @PreAuthorize("hasAuthority('sys:res:update')")
    @RequestMapping("/doUpdate")
    public String doUpdate(){
        return "update resource";
    }

    @PreAuthorize("hasAuthority('sys:res:retrieve')")
    @GetMapping("/doGet")
    public String doGet(){
        return "get resource";
    }

    @RequestMapping("/doGetUserInfo")
    public String doGetUserInfo(){

        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        User principal = (User)authentication.getPrincipal();
        System.out.println();
        return principal.getUsername()+"-----"+principal.getAuthorities();
    }
}
